为了辨识油气智慧管道系统中存在的信息安全风险,通过基于系统论事故分析模型(systems-theoretic accident model-ing and process,STAMP)的方法,对油气智慧管道系统的信息物理安全进行全面评估与分析.首先,系统综合分析了油气智慧管道涉及的设备、设施、工艺、元件,评估其安全性.其次,通过建立STAMP模型,深入分析了各层级、元件之间的反馈信息与控制动作,形成了明确的控制反馈回路,突显了元件之间的关联与控制关系.在此基础上,系统辨识出了潜在的信息风险因素,推导并构建了可能发生的系统失效场景.以天然气输气首站油气智慧管道系统为例,研究验证了基于STAMP模型的可行性和有效性.结果显示,该方法不仅直观地描述了元件之间的关联与控制关系,而且从物理层功能安全的角度全面考虑了信息风险,特别凸显了过程控制系统(process control systems,PCS)及易受攻击的操作员站.与传统方法相比,本研究所提出的方法将信息物理安全风险因素的识别率提升至80%以上,提高了 40%以上,有助于避免不必要的安全措施冗余设计,提高了安全风险管控的准确性.
Cyber-physical Risk Identification of Oil and Gas Intelligent Pipeline System Based on System Theory Accident Analysis Model
In order to identify the information security risks existing in the oil and gas smart pipeline system,the information physical security of the oil and gas smart pipeline system was comprehensively assessed and analyzed through the method based on systems-theoretic accident modeling and process(STAMP).First,the equipment,facilities,processes,and components involved in the oil and gas smart pipeline were systematically and comprehensively analyzed to assess their safety.Secondly,through the establishment of STAMP model,the feedback information and control actions between each level and component were analyzed in depth,and a clear control feedback loop was formed,highlighting the association and control relationship between components.On this basis,potential information risk factors were systematically identified,and possible system failure scenarios were deduced and constructed.Taking the oil and gas smart pipeline system of the first natural gas transmission station as an example,the study verified the feasibility and effectiveness of the STAMP-based model.The results show that the method not only intuitively describes the association and control relationship between components,but also comprehensively considers the information risk from the perspective of physical layer functional safety,especially highlighting the control elements PCS(process control systems)and the vulnerable operator stations.Compared with traditional methods,the method proposed in this study increases the identification rate of information physical security risk factors to more than 80%,which is an improvement of more than 40%,helps to avoid unnecessary redundant design of security measures,and improves the accuracy of security risk management and control.
oil and gas smart pipeline systeminformation physical securityintelligent risk identificationSTAMPnatural gas transmission first station
万方数据
维普
